Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust
- URL: http://arxiv.org/abs/2402.08908v2
- Date: Fri, 9 Aug 2024 04:03:17 GMT
- Title: Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust
- Authors: Xiaolin Zhang, Kailun Qin, Shipei Qu, Tengfei Wang, Chi Zhang, Dawu Gu
- Abstract summary: Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified.
Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties.
This model is however brittle and can be untrusted under advanced attacks nowadays.
Most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities.
- Score: 11.664322958897449
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified. Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties. This model is however brittle and can be untrusted under advanced attacks nowadays. Besides, most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities. Therefore, we propose JANUS, an open and resilient TEE RA scheme. To decentralize trust, we, on one hand, introduce Physically Unclonable Function (PUF) as an intrinsic root of trust (RoT) in TEE to directly provide physical trusted measurements. On the other hand, we design novel decentralized verification functions on smart contract with result audits and RA session snapshot. Furthermore, we design an automated switch mechanism that allows JANUS to remain resilient and offer flexible RA services under various situations. We provide a UC-based security proof and demonstrate the scalability and generality of JANUS by implementing a complete prototype.
Related papers
- A Trustworthy AIoT-enabled Localization System via Federated Learning and Blockchain [29.968086297894626]
We propose a framework named DFLoc to achieve precise 3D localization tasks.
Specifically, we address the issue of single-point failure for a reliable and accurate indoor localization system.
We introduce an updated model verification mechanism within the blockchain to alleviate the concern of malicious node attacks.
arXiv Detail & Related papers (2024-07-08T04:14:19Z)
- SRAS: Self-governed Remote Attestation Scheme for Multi-party Collaboration [1.6646558152898505]
In multi-party cloud computing, how to select a Relying Party to verify the TEE of each party and avoid leaking sensitive data to each other remains an open question.
We propose SRAS, an open self-governed remote attestation scheme with verification functions for verifying the trustworthiness of TEEs and computing assets.
We provide an open-source prototype implementation of SRAS to facilitate the adoption of this technology by cloud users or developers.
arXiv Detail & Related papers (2024-07-04T08:57:18Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
- A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs [2.0198678236144474]
This paper introduces a novel approach using WebAssembly to address these issues.
We present the design of a portable and fully attested publish/subscribe system as a holistic approach.
Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
arXiv Detail & Related papers (2023-12-01T16:37:48Z)
- Blockchain-based Zero Trust on the Edge [5.323279718522213]
This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security.
The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities.
We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
arXiv Detail & Related papers (2023-11-28T12:43:21Z)
- Runtime Verification for Trustworthy Computing [0.0]
We show how runtime verification can enhance the level of trust to the Rich Execution Environment (REE).
We propose practical solutions to two threat models for the RV-TEE monitoring process.
arXiv Detail & Related papers (2023-10-03T18:23:16Z)
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
- Reliable Federated Disentangling Network for Non-IID Domain Feature [62.73267904147804]
In this paper, we propose a novel reliable federated disentangling network, termed RFedDis.
To the best of our knowledge, our proposed RFedDis is the first work to develop an FL approach based on evidential uncertainty combined with feature disentangling.
Our proposed RFedDis provides outstanding performance with a high degree of reliability as compared to other state-of-the-art FL approaches.
arXiv Detail & Related papers (2023-01-30T11:46:34Z)
- Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z)
- Federated Learning with Unreliable Clients: Performance Analysis and Mechanism Design [76.29738151117583]
Federated Learning (FL) has become a promising tool for training effective machine learning models among distributed clients.
However, low quality models could be uploaded to the aggregator server by unreliable clients, leading to a degradation or even a collapse of training.
We model these unreliable behaviors of clients and propose a defensive mechanism to mitigate such a security risk.
arXiv Detail & Related papers (2021-05-10T08:02:27Z)
- Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels [77.34726150561087]
Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks.
We give an overview of current solutions that differ in their fundamental values and technological possibilities.
We propose to combine the strengths of the crypto based, decentralized trustless elements with established and well regulated means of payment.
arXiv Detail & Related papers (2020-07-03T10:45:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.